Cyber defenders sound the alarm as F5 hack exposes broad risks – The Economic Times



A more than year-long digital intrusion into cybersecurity firm F5, publicized last week and blamed on Chinese spies, has defenders across the industry hunting for signs of compromise among the many corporate networks that use its products.

Several fear that more disclosures are coming.

So far, little is known about the scope of the hack beyond statements from F5 that its source code and sensitive information about software vulnerabilities were stolen.

The company’s website says it serves more than four in five Fortune 500 companies in some capacity, and U.S. officials have said that federal networks were among those targeted in the hack’s aftermath and have urged immediate action.

That extensive presence alone has triggered widespread unease.

F5’s stock tumbled 12 percent last Thursday, the day it revealed a host of fixes for previously vulnerable products, although it rebounded slightly by the end of the week.

Several cybersecurity executives and analysts compared the hack at F5 to the extraordinary intrusion at the software company SolarWinds discovered in December 2020.

That company, whose Orion software was used for network monitoring, became the unwitting springboard into numerous highly sensitive networks after its source code was tampered with.

Around a dozen government departments were ultimately breached in the wide-ranging spy operation.

Just like SolarWinds, which was little known in the consumer market before the hack, F5 has a host of tech tools and services – load balancers, content delivery networks and firewalls – that typically play low-profile but important roles in directing, managing and filtering organizations’ internet traffic.

“I am not equating this to the SolarWinds attack, but I am equating it to the fact that people never hear of it, but it’s in everybody’s network,” said Michael Sikorski, the chief technology officer at Palo Alto Networks’ threat intelligence-focused Unit 42.

“When we’re talking about 80 percent of the Fortune 500, we’re talking about banks, law firms, tech companies, you name it.”

Sikorski said the F5 hackers stole source code and undisclosed vulnerability information, potentially giving them the ability to develop tools for cyberespionage in a tight time frame.

Bob Huber, chief security officer of cybersecurity firm Tenable, said he too had SolarWinds in mind as he tried to make sense of what was happening at F5.

“As of right now, this isn’t SolarWinds,” he told Reuters, noting that F5 has said it had “no evidence of modification to our software supply chain.”

Still, Huber said there were signs that more unwelcome disclosures lie ahead, given the paucity of information about the breach and the urgency with which the government was moving to remediate it, via an October 15 emergency directive and a public warning that unnamed federal networks were being targeted by a “nation-state cyber threat actor.”

“We’re waiting for the other shoe to drop,” he said.

While no other victims of the F5 breach have been publicly identified, cybersecurity firm Greynoise Intelligence, which monitors internet scanning and attack activity, has found hints that an unknown actor was looking for F5 devices on the internet starting about a month ago.

Greynoise detected a significant spike in scanning activity focused on F5 beginning in mid-September, according to Glenn Thorpe, the company’s senior director of security research and detection engineering.

“That suggests someone somewhere knew something,” Thorpe said.